[Bug 926] pam_session_close called as user or not at all
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon May 23 18:59:24 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=926
------- Additional Comments From t8m at centrum.cz 2005-05-23 18:59 -------
I'm not sure if I understand your proposal well so I only make some remarks how
from the PAM point of view it should be done.
The pam_setcred(PAM_ESTABLISH_CRED) should be called before pam_open_session and
it shouldn't be necessary to call it with PAM_REINITIALIZE_CRED after that,
however it does no harm. What is important is to run pam_open_session as root
and in the same process (or before forking the child) where will be the user
shell executed.
The pam_close_session call should be done in the same process.
If your proposal stays within these limits it should be fine.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list